I am new to system administration and I have a permission-related query. I have a group called administration. Inside the administration group, I have the users user1, user2, user3, superuser. All the users are in the administration group. Now, I need to give permissions to the user superuser to be able to view the /home directory of the other users. However, I do not want user1, user2, user3 to see the home of any other user other than himself. (That is, user1 should be able to see only user1's home and so on).

I have created the users and groups and assigned all the users to the group. How should I specify the permissions for the superuser now?

In other words, I'm thinking of having two groups (say NormalUsers and Superuser). The NormalUsers group will have the users user1, user2 and user3. The Superuser group will only have the user Superuser. Now, I need the Superuser to have full access on the files of users in the group NormalUsers. Is this possible in Linux?

Best Answer
If the users are cooperative, you can use access control lists (ACL). Set an ACL on the home directory of user1 (and friends) that grants read access to superuser. Set the default ACL as well, for newly created files, and also the ACL on existing files. user1 can change the ACL on his files if he wishes.

If you want to always give superuser read access to user1's files, you can create another view of the users' home directories with different permissions, with bindfs.

Files accessed through ~superuser/spyglass/user1 are world-readable. Other than the permissions, ~superuser/spyglass/user1 is a view of user1's home directory. Since superuser is the only user who can access ~superuser/spyglass, only superuser can benefit from this.
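
The two approaches from the answer written out as commands, plus a check that a home directory is closed to other users. This is an added example, not part of the original answer. It assumes home directories live under /home, that setfacl and bindfs are installed, and that the commands are applied as root; the function names grant_acl, make_spyglass and others_locked_out are chosen for this example.

```shell
#!/bin/sh
# Added example. Dry run by default: every command is printed, not executed.
# To apply for real, run as root with RUN set to the empty string (RUN= sh script.sh).
RUN=${RUN-echo}
HOME_BASE=${HOME_BASE:-/home}   # assumption: homes are /home/<user>

# Approach 1: ACLs. The reader gets r on files and x only where it is needed
# to traverse directories (capital X). The owner can still remove the entry.
grant_acl() {   # usage: grant_acl OWNER READER
    owner_home="$HOME_BASE/$1"
    $RUN setfacl -R -m "u:$2:rX" "$owner_home"      # ACL on existing files
    $RUN setfacl -R -d -m "u:$2:rX" "$owner_home"   # default ACL for new files
}

# Approach 2: a read-only bindfs view that the owner cannot opt out of.
# Files in the view are world-readable, so the parent directory must be
# mode 700 and owned by the reader.
make_spyglass() {   # usage: make_spyglass OWNER READER
    view="$HOME_BASE/$2/spyglass"
    $RUN mkdir -p "$view/$1"
    $RUN chown "$2" "$view"
    $RUN chmod 700 "$view"
    $RUN bindfs -r --perms=a+rX "$HOME_BASE/$1" "$view/$1"
}

# Check: succeeds only if "other" has no permission bits on DIR, which is
# what keeps user1 out of user2's home. It reads the classic mode bits only;
# ACL entries are listed with getfacl.
others_locked_out() {   # usage: others_locked_out DIR
    case "$(stat -c %a "$1")" in
        *0) return 0 ;;
        *)  return 1 ;;
    esac
}

# Print the plan for the three users named in the question.
for u in user1 user2 user3; do
    grant_acl "$u" superuser
    make_spyglass "$u" superuser
done
```

Either approach alone is enough; the loop prints both so they can be compared. After applying the ACL variant, getfacl on a home directory lists the user:superuser entry.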